Research

Working on my diploma thesis, I am looking for next-generation malware. I already examined Storm, and now I was trying to go for Nugache. As the botmaster was captured some weeks ago, I was wondering if this botnet still works? I have some samples from early 2007; they do not seem to work (and still use TCP/8). Anyone with newer samples to try?
Moreover, I am looking out for Asprox samples or any other samples of botnets that use fast-flux technologies.

I recently took a break from poking at Storm to do real work on some custom malware recovered in a compromise here.

This analysis is of a MS GINA hook that encrypts its log file with RC4. I'm light on mechanical details of the reversing and instead have focused on screenshots, an overview of the investigation, and some perl code to do the decrypting.

Over the last few days we have been getting a number of new emails with links to a specific fake video codec (which is actually a Trojan), "get_flash_update.exe". The attack appears to have infected a number of real and legitimate websites to act as malware distribution points.

For those who are not members of the ISSA, I am posting a link to some specific research articles we published in this journal, highlighting one in particular on some data concerning Crimeware-as-a-Service, better known as server-side polymorphism.

One of my co-workers just learned that there is a malicious HTML page with his name on it! When I downloaded the page, we realized that it was not a targeted attack, but a variant of the malicious pages I reported under my MSN malicious results post.

This server actually had 3179 other HTML pages, each one with a name starting with Ryan-. The bad guys probably used a robot to collect information from web pages. More information here...

Abstract – This paper describes the code, behavior and infrastructure of a blog comment spam attack. The particular blog spam attack explained here uses HTTP/JavaScript obfuscation and redirection to pass the victim's browser through several websites, ultimately infecting the victim's host using a handful of exploits. This paper will also cover some of the techniques and tools used in analyzing the attack.